The North Korean army is continuing to try its hand at ransomware, according to a new report from cybersecurity firm Trellix. Christiaan Beek, lead scientist with the company’s threat research division, released a report on Tuesday tying four ransomware families — BEAF, PXJ, ZZZZ and CHiCHi — to the prolific Unit 180 of North Korea’s cyber-army. Trellix said the unit is behind several ransomware attacks on organizations across Asia since 2020, when researchers first discovered the VHD ransomware and tied it to actors connected to the North Korean military. Beek explained that the source code for the VHD ransomware has similarities and ties to the four ransomware strains mentioned in the report. “We suspect the ransomware families described in this blog are part of more organized attacks. Based on our research, combined intelligence, and observations of the smaller targeted ransomware attacks, Trellix attributes them to DPRK affiliated hackers with high confidence,” Beek said.
Full story : Researchers tie ransomware families to North Korean cyber-army.